wxBizMsgCrypt.php 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150
  1. <?php
  2. /**
  3. * 对公众平台发送给公众账号的消息加解密示例代码.
  4. *
  5. * @copyright Copyright (c) 1998-2014 Tencent Inc.
  6. */
  7. include_once "sha1.php";
  8. include_once "xmlparse.php";
  9. include_once "pkcs7Encoder.php";
  10. include_once "errorCode.php";
  11. /**
  12. * 1.第三方回复加密消息给公众平台;
  13. * 2.第三方收到公众平台发送的消息,验证消息的安全性,并对消息进行解密。
  14. */
  15. class WXBizMsgCrypt
  16. {
  17. private $token;
  18. private $encodingAesKey;
  19. private $appId;
  20. /**
  21. * 构造函数
  22. * @param $token string 公众平台上,开发者设置的token
  23. * @param $encodingAesKey string 公众平台上,开发者设置的EncodingAESKey
  24. * @param $appId string 公众平台的appId
  25. */
  26. public function WXBizMsgCrypt($token, $encodingAesKey, $appId)
  27. {
  28. $this->token = $token;
  29. $this->encodingAesKey = $encodingAesKey;
  30. $this->appId = $appId;
  31. }
  32. /**
  33. * 将公众平台回复用户的消息加密打包.
  34. * <ol>
  35. * <li>对要发送的消息进行AES-CBC加密</li>
  36. * <li>生成安全签名</li>
  37. * <li>将消息密文和安全签名打包成xml格式</li>
  38. * </ol>
  39. *
  40. * @param $replyMsg string 公众平台待回复用户的消息,xml格式的字符串
  41. * @param $timeStamp string 时间戳,可以自己生成,也可以用URL参数的timestamp
  42. * @param $nonce string 随机串,可以自己生成,也可以用URL参数的nonce
  43. * @param &$encryptMsg string 加密后的可以直接回复用户的密文,包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串,
  44. * 当return返回0时有效
  45. *
  46. * @return int 成功0,失败返回对应的错误码
  47. */
  48. public function encryptMsg($replyMsg, $timeStamp, $nonce, &$encryptMsg)
  49. {
  50. $pc = new Prpcrypt($this->encodingAesKey);
  51. //加密
  52. $array = $pc->encrypt($replyMsg, $this->appId);
  53. $ret = $array[0];
  54. if ($ret != 0) {
  55. return $ret;
  56. }
  57. if ($timeStamp == null) {
  58. $timeStamp = time();
  59. }
  60. $encrypt = $array[1];
  61. //生成安全签名
  62. $sha1 = new SHA1;
  63. $array = $sha1->getSHA1($this->token, $timeStamp, $nonce, $encrypt);
  64. $ret = $array[0];
  65. if ($ret != 0) {
  66. return $ret;
  67. }
  68. $signature = $array[1];
  69. //生成发送的xml
  70. $xmlparse = new XMLParse;
  71. $encryptMsg = $xmlparse->generate($encrypt, $signature, $timeStamp, $nonce);
  72. return ErrorCode::$OK;
  73. }
  74. /**
  75. * 检验消息的真实性,并且获取解密后的明文.
  76. * <ol>
  77. * <li>利用收到的密文生成安全签名,进行签名验证</li>
  78. * <li>若验证通过,则提取xml中的加密消息</li>
  79. * <li>对消息进行解密</li>
  80. * </ol>
  81. *
  82. * @param $msgSignature string 签名串,对应URL参数的msg_signature
  83. * @param $timestamp string 时间戳 对应URL参数的timestamp
  84. * @param $nonce string 随机串,对应URL参数的nonce
  85. * @param $postData string 密文,对应POST请求的数据
  86. * @param &$msg string 解密后的原文,当return返回0时有效
  87. *
  88. * @return int 成功0,失败返回对应的错误码
  89. */
  90. public function decryptMsg($msgSignature, $timestamp = null, $nonce, $postData, &$msg)
  91. {
  92. if (strlen($this->encodingAesKey) != 43) {
  93. return ErrorCode::$IllegalAesKey;
  94. }
  95. $pc = new Prpcrypt($this->encodingAesKey);
  96. //提取密文
  97. $xmlparse = new XMLParse;
  98. $array = $xmlparse->extract($postData);
  99. $ret = $array[0];
  100. if ($ret != 0) {
  101. return $ret;
  102. }
  103. if ($timestamp == null) {
  104. $timestamp = time();
  105. }
  106. $encrypt = $array[1];
  107. $touser_name = $array[2];
  108. //验证安全签名
  109. $sha1 = new SHA1;
  110. $array = $sha1->getSHA1($this->token, $timestamp, $nonce, $encrypt);
  111. $ret = $array[0];
  112. if ($ret != 0) {
  113. return $ret;
  114. }
  115. $signature = $array[1];
  116. if ($signature != $msgSignature) {
  117. return ErrorCode::$ValidateSignatureError;
  118. }
  119. $result = $pc->decrypt($encrypt, $this->appId);
  120. if ($result[0] != 0) {
  121. return $result[0];
  122. }
  123. $msg = $result[1];
  124. return ErrorCode::$OK;
  125. }
  126. }